Robocaller leaks files on "hundreds of thousands" of voters
Robocent, a Virginia Beach political robocalling contractor, failed to secure more than 2,000 files in its Amazon cloud storage account including political profiles on "hundreds of thousands" of voters.
Why it matters: States typically make registered voter data public - the voter data could be best described as sensitive but not private. However, states can put restrictions on what entities can receive access to those files.
Researchers at Kromtech first made the discovery, alerted Robocent (who has since secured the files) and detailed their work in a LinkedIn post.
Details: The leaky files include audio recordings of calls as well and databases listing voters contact information, preferred political party as recorded by the state and demographic information.
Yes, but: Finding cloud storage leaks is not something malicious actors can do easily. These are cloud storage units, known as buckets, that are misconfigured to be accessible by the public. However, most public buckets are intended to be public, and finding exploitable information just by searching for public buckets is grueling work, even though the process is being made easier by security companies.
In short, just because the data was public doesn't mean anyone unauthorized saw it beyond the researchers.